[OpenAFS] home on afs woes

Jeffrey Hutzelman jhutz@cmu.edu
Thu, 12 Jan 2006 21:27:29 -0500

On Thursday, January 12, 2006 04:15:08 PM -0800 Russ Allbery 
<rra@stanford.edu> wrote:

> In fact, if you're using OpenSSH 4.2 and aren't building with the
> (unsupported and strongly discouraged by upstream) threading hack, any
> setpag() done in the authentication phase *definitely won't* affect the
> user session.  OpenSSH 4.2 spawns a child process to do the PAM calls.
> (It's a stupid architecture that breaks all kinds of other things, but I'm
> not guessing I'm going to get anywhere with that discussion.)

It does break all kinds of things, and it is annoying.

However, they do it that way not as part of some misguided attempt at 
"security", but because of the constraints imposed by the way their SSH 
protocol parser interacts with keyboard-interactive.  Fixing it would 
require significant work, not to mention actually getting the fix accepted.

-- Jeff